bingosummer/gcp-service-broker

Cloud Foundry service broker for Google Cloud Platform services

Pivotal Cloud Foundry Service Broker for Google Cloud Platform

Depends on lager and gorilla/mux.

Requires go 1.6 and the associated buildpack

Prerequisites

GCP prereqs

1. go to console.cloud.google.com and sign up, walking through the setup wizard
2. next to the Google Cloud Platform logo in the upper left-hand corner, click the dropdown and select "Create Project"
3. give your project a name and click "Create"
4. when the project is created (a notification will show in the upper right), refresh the page.
5. in the left nav, go to API Manager
6. click "Library"
7. search "google cloud resource manager api", click the option with no other modifiers, and enable.
8. search "Google Identity and Access Management (IAM) API", click the option with no other modifiers, and enable.
9. if you wish to use CloudSQL, search "sqladmin", click the only option, and enable.
10. in the left nav, go to IAM and Admin
11. click Service Accounts
12. click create service account and set the role to Owner
13. check furnish new private key (leave json key type)
14. click create, save the downloaded file to a safe and accessible place.

Db prereqs

1. create new MySQL instance
2. run CREATE DATABASE servicebroker;
3. run CREATE USER '<username>'@'%' IDENTIFIED BY '<password>';
4. run GRANT ALL PRIVILEGES ON servicebroker.* TO '<username>'@'%' WITH GRANT OPTION;
5. (optional) create ssl certs for the database and save them somewhere secure

required env vars - if deploying as an app, add these to missing-properties.yml

• ROOT_SERVICE_ACCOUNT_JSON (the string version of the credentials file created for the Owner level Service Account)
• SECURITY_USER_NAME (a username to sign all service broker requests with - the same one used in cf create-service-broker)
• SECURITY_USER_PASSWORD (a password to sign all service broker requests with - the same one used in cf create-service-broker)
• DB_HOST (the host for the database to back the service broker)
• DB_USERNAME (the database username for the service broker to use)
• DB_PASSWORD (the database password for the service broker to use)

optional env vars - if deploying as an app, optionally add these to missing-properties.yml

• DB_PORT (defaults to 3306)
• CA_CERT
• CLIENT_CERT
• CLIENT_KEY
• CLOUDSQL_CUSTOM_PLANS (A map of plan names to string maps with fields guid, name, description, tier, pricing_plan, max_disk_size, display_name, and service (Cloud SQL's service id)) - if unset, the service will be disabled. e.g.

{ "test_plan": { "name": "test_plan", "description": "testplan", "tier": "D8", "pricing_plan": "PER_USE", "max_disk_size": "15", "display_name": "FOOBAR", "service": "4bc59b9a-8520-409f-85da-1c7552315863" } }

Usage

As an App

Update the manifest with ENV vars

1. replace any blank variables that are in manifest.yml with your own ENV vars

Push the service broker to CF and enable services

1. cf push gcp-service-broker
2. cf create-service-broker
3. (for all applicable services, e.g.) cf enable-service-access google-pubsub

As a Tile

Import the product into Ops Manager

1. Click "Import a Product" and upload the .pivotal file from the product directory

Add the product to your Dashboard

1. Click the plus icon next to the uploaded product

Configure the Service Broker

1. Click on the tile and fill in any required fields (tabs will be orange if updates are needed)
2. Once the tile is green and updates are applied, review the service/plan access and update if necessary using cf disable-service-access. By default, all services and plans are enabled except CloudSQL (unless plans have been saved for it). If you wish to change this, you'll need to use the cf cli's service-access commands.

(Optional) Increase the default provision/bind timeout

It is advisable, if you want to use CloudSQL, to increase the default timeout for provision and bind operations to 90 seconds. CloudFoundry does not, at this point in time, support asynchronous binding, and CloudSQL bind operations may exceed 60 seconds. To change this setting, set broker_client_timeout_seconds = 90

Use!

e.g. cf create-service pubsub default foobar -c '{"topic_name": "foobar"}' e.g. cf bind-service myapp foobar -c '{"role": "pubsub.admin"}'

Service calls take the following custom parameters, all as strings, (required where marked):

• PubSub
  • Provison
    • topic_name (required)
    • subscription_name
    • is_push (defaults to false, to set use "true")
    • endpoint (for when is_push == "true", defaults to nil)
    • ack_deadline (in seconds, defaults to 10, max 600)
  • Bind
    • role without "roles/" prefix (see https://cloud.google.com/iam/docs/understanding-roles for available roles)
• Cloud Storage
  • Provison
    • name (required)
    • location (for options, see https://cloud.google.com/storage/docs/bucket-locations. Defaults to us)
  • Bind
    • role without "roles/" prefix (see https://cloud.google.com/iam/docs/understanding-roles for available roles)
• BigQuery
  • Provison
    • name (required)
  • Bind
    • role without "roles/" prefix (see https://cloud.google.com/iam/docs/understanding-roles for available roles), e.g. pubsub.admin
• CloudSQL
  • Provison
    • instance_name (required)
    • database_name (required)
    • version (defaults to 5.6)
    • disk_size in GB (only for 2nd gen, defaults to 10)
    • region (defaults to us-central)
    • zone (for 2nd gen)
    • disk_type (for 2nd gen, defaults to ssd)
    • failover_replica_name (only for 2nd gen, if specified creates a failover replica, defaults to "")
    • maintenance_window_day (for 2nd gen only, defaults to 1 (Sunday))
    • maintenance_window_hour (for 2nd gen only, defaults to 0)
    • backups_enabled (defaults to true, set to "false" to disable)
    • backup_start_time (defaults to 06:00)
    • binlog (defaults to false for 1st gen, true for 2nd gen, set to "true" to use)
    • activation_policy (defaults to on demand)
    • replication_type (defaults to synchronous)
    • auto_resize (2nd gen only, defaults to false, set to "true" to use)
  • Bind
    • username (defaults to a generated value)
    • password (defaults to a generated value)
• ML APIs
  • Bind
    • role without "roles/" prefix (see https://cloud.google.com/iam/docs/understanding-roles for available roles)

Change Notes

see https://github.com/GoogleCloudPlatform/gcp-service-broker/blob/master/CHANGELOG.md

Support

For functional issues with the service broker or feature requests, please file a github issue here:

https://github.com/GoogleCloudPlatform/gcp-service-broker/issues

They will be prioritized and updated here:

https://github.com/GoogleCloudPlatform/gcp-service-broker/projects/1

For discussions and updates, please subscribe to this group:

https://groups.google.com/forum/#!forum/gcp-service-broker

This is not an official Google product.